MSCHAP - NTLM against groups
Micha Ballmann
ballmann at uni-landau.de
Mon Oct 21 14:34:51 CEST 2019
Hello,
i've configured a new freeradius server for WLAN authentication. My
radius server is a domain member on my samba 4.7.12 ADDC. For my mschap
configuration i followd this guide:
https://wiki.samba.org/index.php/Authenticating_Freeradius_against_Active_Directory.
The auth works! I can configure ntlm_auth in two differents way?
ntlm_auth = "/path/to/ntlm_auth*--allow-mschapv2* --request-nt-key
--username=%{mschap:User-Name} --domain=MYDOMAIN
--challenge=%{%{mschap:Challenge}:-00}
--nt-response=%{%{mschap:NT-Response}:-00}"
OR
winbind_username = "%{mschap:User-Name}"
winbind_domain = "%{mschap:NT-Domain}"
Both ways are working, but now im hanging a little bit. Currently im
using this config in /mods-available/mschap:
winbind_username = "%{mschap:User-Name}"
winbind_domain = "%{mschap:NT-Domain}"
(ntlm_auth = ... is commented out)
I have an AD Group "WLAN".
How can i authenticate against this groups? Is there any directive like
"winbind_group = "?
Regards
Micha
More information about the Freeradius-Users
mailing list